Data revealed by a platform during account recovery flows, such as partially masked email addresses, phone numbers, or security questions. Recovery mechanisms are designed for legitimate users but can inadvertently disclose private contact details. ### Related weaknesses - [[SOWEL-1. Having and Filling Account]] - [[SOWEL-15. Tolerating Privacy Gaps]] ### Related techniques - [[SOTL-4.1. Try to Recover Access]] - [[SOTL-1.3. Try to Register]]